<?php 
	require_once("./include/my_func.inc.php");
    
	function check_login($user_id, $password) {
		session_destroy();
		session_start();
		$sql="SELECT `user_id`, `nick`, `password` FROM `users` WHERE `user_id`=? and defunct='N' ";
		$result=pdo_query($sql,$user_id);
		if(count($result) < 1) {
			return null;
		}
		$row = $result[0];
		if( ! pwCheck($password, $row['password']) ) {
        	return null;
		}
		$user_id=$row['user_id'];
		$ip = $_SERVER['REMOTE_ADDR'];
		if ( strlen($ip) <= 0 && !empty($_SERVER["HTTP_X_FORWARDED_FOR"]) ) {
			$addr = $_SERVER['HTTP_X_FORWARDED_FOR'];
			$tmp_ip=explode(',', $addr);
			$ip =(htmlentities($tmp_ip[0],ENT_QUOTES,"UTF-8"));
		}
		// 添加登录日志
		$sql="INSERT INTO `loginlog` VALUES(?,'login ok',?,NOW())";
		pdo_query($sql,$user_id, $ip);

		// 更新用户最近登录时间
		$sql="update users set accesstime=now(), access_ip = ? where user_id= ?";
        pdo_query($sql, $ip, $user_id);
        return  $row['nick'];
	}
?>
